VYPR

Crypt::URandom

by Perl Foundation

CVEs (2)

  • CVE-2026-2474 | Feb 16, 2026
    risk 0.00 | cvss | epss 0.00

    Crypt::URandom versions from 0.41 before 0.55 for Perl are vulnerable to a heap buffer overflow in the XS function crypt_urandom_getrandom(). The function does not validate that the length parameter is non-negative. If a negative value (e.g. -1) is supplied, the expression…

  • CVE-2025-1828 | High | Mar 11, 2025
    risk 0.00 | cvss 8.8 | epss 0.00

    Crypt::Random Perl package 1.05 through 1.55 may use the rand() function, which is not cryptographically strong, for cryptographic functions. If the Provider is not specified and /dev/urandom or an Entropy Gathering Daemon (egd) service is not available, Crypt::Random will…